18 Replies
Cloudflare Docs
Client certificates | Cloudflare SSL/TLS docs
Use Cloudflare public key infrastructure (PKI) to create client certificates and enforce mutual Transport Layer Security (mTLS) encryption.
Thanks, I implemented it and it's working fine. One last thing: it's working for example.com but not api.example.com, and I saw this. Is there any solution for it so that it works on the subdomain?
Will I need to create certs locally?
It should work fine as long as the certificate matches
Note that * wildcards are not supported, the api.example.com domain will probably require its own cert, or re-create your existing cert to include the api subdomain 😉
For this, do you mean adding api.example.com in SSL/TLS -> Origin Certificate or SSL/TLS -> Edge Certificates?
the cert on your origin, where api resolves to
if it's SSL protected by the wildcard, *.example.com, that's probably the issue, needs to be explicitly set 😉 api.example.com
I removed the * one and added api.example.com, regenerated the client cert and followed all the steps, but it's not accessible with or without the certificate
tried again with a hard refresh? CTRL Shift R?
I am testing it with the Python requests library
it was working for example.com
but not for subdomain
Ooh if you visit the domain in a browser, what does the SSL cert tell you? valid?
Yes, the app is working fine with SSL, but when I activate the WAF rule it is not accessible
is it for *.example.com or the api.example.com the cert viewed from browser?
it's saying example.com
My CF proxied records for example will still display: even with custom SSL certs on my origin. But I don't want you to un-proxy the record either. I hope there's a way to generate custom certs, probably with the custom cert manager on Cloudflare 😉
for the url api.example.com cert only for example.com?
I have DMed you the URL...
Here is a working example for domain example.com with and without a client certificate
but the same thing is not working in the case of the subdomain abc.example.com